How South Korea Invests in Human Capital for Cyber-Security by Seungjoo Gabriel Kim - CODE BLUE 2015

Korea University Graduate School of Information Security - How South Korea Invests in Human Capital for Cyber-Security

Transcript of How South Korea Invests in Human Capital for Cyber-Security by Seungjoo Gabriel Kim - CODE BLUE 2015

  • How South Korea Invests in Human Capital for Cyber-Security

  • 2

    Who am I?

    Cyber Security Situation

    Government

    Non-Profit Private Organization

    Universities & Colleges

    Other Education Programs

    University Security Clubs

    Hacking Contests/Conferences

    Conclusions & Future Works

    Contents

  • 3

    Who am I?

  • 4

    2000. 03. : Founded the Graduate School of Information Security, the first in Korea

    2009. 12. & 2010. 08. : Successively won DC3 Digital Forensic Challenge 2009 & 2010

    2012. 03 : Established Undergraduate Dept. of Cyber Defense

    2015. 05 : Came in 3rd at the ACM International Collegiate Programming Contest, one of the largest international programming contests

    2015. 08. : Won DEFCON CTF 2015

    Korea University

  • 5

    Leading institution in research and education in cybersecurity of Korea

    17 full-time professors + 2 adjunct professors + 8 visiting professors

    Having turned out 1,000+ M.S./Ph.D. security experts

    Having published 520+ papers in SCI(E) journals over the last 15 years

    Former president of Graduate School of Information Security, Jong In Lim, was appointed as Special Advisor to the President for National Security

    Korea University (Cont.)

  • 6

    (Nick : Pr0xy5kim), 1971

    1999. 02 : Ph.D on Cryptography @ Sungkyunkwan Univ.

    1997.6~1997.8 : Visiting Researcher @ Prof. Shigeo Tsujii's Lab. of the Chuo University, Tokyo, Japan

    1998.12~2004.02 : Director @ KISA (Korea Internet & Security Agency)

    2004.03~2011.02 : Assistant Professor & Associate Professor @ Sungkyunkwan Univ.

    2011.03~Now : Associate Professor & Full Professor @ Graduate School of Information Security, Korea Univ.

    Prof. Dr. Seungjoo (Gabriel) Kim

  • 7

    From 2011, Co-Founder/Advisory Director of a hacker group, HARU and an international security & hacking conference, SECUINSIDE.

    Prof. Dr. Seungjoo (Gabriel) Kim (Cont.)

  • 8

    Founded in 2011

    Acronym of HAckers Re-Union or HAckers aRe Us

    President :

    Members :

    BLACK.PERL (www.bpsec.co.kr), CNSECURITY (www.cnsec.co.kr), FlyHigh, GRAYHASH (BEISTLAB, www.grayhash.com), Hackerschool (www.hackerschool.org), iNET COP (www.inetcop.net), NSHC (www.nshc.net), SEWORKS (Wowhacker, www.seworks.co), etc.

    [Note] HARU

  • 9

    Also head of the SANE (Security Analysis aNd Evaluation) Lab.

    Prof. Dr. Seungjoo (Gabriel) Kim (Cont.)

  • 10

    Also head of the SANE (Security Analysis aNd Evaluation) Lab.

    Prof. Dr. Seungjoo (Gabriel) Kim (Cont.)

  • 11

    Cyber Security Situation

  • 12

    In Korea, cyber warfare has become real, not virtual. North Korea continues to expand its cyber warfare capabilities.

    The South Korean National Intelligence Service (NIS, Korean CIA) officially reported 75,472 cyber-attacks launched against the government and public agencies from 2010 until October 2014.

    North Korea makes millions of indiscriminate cyber-attack attempts on government agencies and private corporations in South Korea.

    Cyber Security Situation in KR

  • 13

    In particular, five years ago, South Korea was hit by a computer virus that took over 20,000 computers and had them attack banks, television stations and its ministry of defense.

    The Korean government believes that the North Korean General Bureau of Reconnaissance, specifically Unit 121, has more than 6,000 full-time hackers dedicated to creating malicious computer code.

    Cyber Security Situation in KR (Cont.)

  • 14

    To narrow the gap with the North, the South Korean government has recently been devoting itself to raising more cyber security experts.

    Cyber Security Situation in KR (Cont.)

  • 15

    Government

  • 16

    National Security Office (Control Tower)

    NIS (National Intelligence Service, Korean CIA)

    NSR (National Security Research Institute)

    MSIP (Ministry of Science, ICT & Future Planning)

    KISA (Korea Internet & Security Agency)

    Cyber Security Research Division of ETRI (Electronics and Telecommunications Research Institute)

    KCC (Korea Communications Commission)

    Cyber Security Related Government

  • 17

    MOI (Ministry of the Interior)

    FSC (Financial Services Commission) & FSS (Financial Supervisory Service)

    FSI (Financial Security Institute)

    MOD (Ministry of Defense) & Cyber Command

    ADD (Agency for Defense Development)

    SPO (Supreme Prosecutors' Office) & NPA (National Police Agency)

    Cyber Security Related Government

  • 18

    Non-Profit Private Organizations

  • 19

    NISA (National Information Security Agency, 2002)

    KIISC (Korea Institute of Information Security & Cryptology, 1990) www.kiisc.or.kr

    KCSA (Korea Convergence Security Association, 2001) www.kocosa.org

    KISIA (Korea Information Security Industry Association, 1997) www.kisia.or.kr

    CONCERT (CONsortium of CERTs, 1996) www.concert.or.kr

    Non-Profit Private Organizations

  • 20

    Korea Council of Chief Information Security Officers (2009) www.cisokorea.org

    OPA (Korea Online Privacy Association, 2011) www.opa.or.kr

    KCPPI (The Korean Council on the Protection of Personal Information, 2010) www.kcppi.or.kr

    Korea Chief Privacy Officers' FORUM (2007) www.cpoforum.or.kr

    HARU (HAckers Re-Union, 2011) www.h4ru.com

    Non-Profit Private Organizations

  • 21

    Universities & Colleges

  • 22

    # of Departments of Undergraduate schools offering cyber security programs of study : 36 (increased 28.6% from a year ago)

    # of Undergraduate Students on the register : 5,701 (increased 15.8% from a year ago)

    # of Departments of Graduate schools offering cyber security programs of study : 32

    # of Graduate Students on the register : 1,241 (increased 24.6% from a year ago)

    Universities (in 2014)

  • 23

    Since Joongbu Univ. established the first cyber security undergraduate program in 1996, it has been growing quickly every year.

    Recently, joint educational programs with security companies are on the increase.

    Full Scholarship over Guaranteed Employment

    Universities (in 2014) (Cont.)

  • 24

    # of Departments of Colleges offering cyber security programs of study : 8

    # of students on the register : 568 (increased 34.6% from a year ago)

    Colleges (in 2014)

  • 25

    Established in 2012

    In 2016, we will graduate 30 students for the first time.

    Joint educational programs with Korea Army (Cyber Command)

    Full Scholarship over Guaranteed Employment

    Upon graduation, they are to be commissioned as second lieutenants and must serve in the military for seven years

    Accept top 1% of students in the national college entrance exam

    Dept. of CYDF @ Korea Univ.

  • 26

    Inspired by Israel's Talpiot program

    Talpiot means best of the best in Hebrew

    Israel set up the Talpiot program in 1979 to train the nation's most promising high-school graduates to become technological innovators for the military

    Members of the program, called Talpions, spend 3 years in study, followed by 6 years of military service focused on improving the Israeli military's technological edge rather than serving in combat units

    Giving financial support for start-ups

    Dept. of CYDF @ Korea Univ. (Cont.)

  • 27

    Curriculum :

    Cryptology & Steganography

    Cyberlaw

    Cyberpsychology

    Hacking

    Digital forensics

    Information assurance

    Basic military studies, etc.

    Also embedded some programs in the curriculum to inculcate students with patriotism and a strong work ethic

    Dept. of CYDF @ Korea Univ. (Cont.)

  • 28

    In 2015, "DEFKOR," a team of 8 students from the Dept. of CYDF at Korea University, 3 from Korea-based IT security solution provider Raonsecure, and 2 Korean students studying in the U.S., won the top prize at DEFCON CTF 23!

    That year, 4,000+ teams qualified and 15 teams became finalists!

    Dept. of CYDF @ Korea Univ. (Cont.)

  • 29

    Other Education Programs

  • 30

    Public Sector & Government Cyber Security Education Programs

    Education and Training for Public Officers : NSR's CSTEC, KISA Academy

    Education and Training for Non-Officers : KISA's K-Shield, KITRI's BoB, KISA's Online Information Security Training Lab., ITRC

    Private Sector Cyber Security Education Programs

    In 2014, 25 private cyber security training institutes

    Other Education Programs

  • 31

    CSTEC (Cyber Security Training and Exercise Center)

    Opened at Daejeon, Oct. 2014.

    Organized by NSR (National Security Research Institute)

    KISA Academy

    Opened at Seoul, May 2009.

    Organized by KISA (Korea Internet & Security Agency)

    Public Programs for Public Officers

  • 32

    K-Shield

    Since 2013.

    Organized by KISA

    Aimed at : Raising very highly skilled cyber security experts

    Plan to produce 5,000 certified experts by 2017

    Applicant requirement : Security staff in the public or private sector

    Public Programs for Non-Officers

  • 33

    BoB (Best of the Best)

    Since 2012.

    Organized by KITRI (Korea Information Technology Research Institute)

    Aimed at : Raising very highly skilled cyber security experts

    Running strong peer-to-peer mentoring program for professional development.

    Mentors : Almost all members of HARU, Other well-known security experts, etc.

    Applicant requirement : Students (high school, undergraduate and graduate)

    Public Programs for Non-Officers

  • 34

    BoB (Best of the Best)

    Courses :

    About an 8-month course

    Survival program

    The final 6 students will get around $17,000 each

    1st Semester : Learning about information security (crypto, network, OS, ethics and so on) from professionals

    2nd Semester : Projects with mentors

    3rd Semester : Advanced research

    Public Programs for Non-Officers

  • 35

    BoB (Best of the Best)

    Among the 13 DEFKOR members, 10 are BoB students (8) or mentors (2)!

    Public Programs for Non-Officers

  • 36

    Online Information Security Training Lab.

    Since 2001.

    Organized by KISA

    www.sis.or.kr

    Public Programs for Non-Officers

  • 37

    ITRC (University Information Technology Research Center)

    Since 2000.

    Supported by the MSIP (Ministry of Science, ICT & Future Planning)

    During 2000~2014, KRW 415.72 billion (= USD 363,709,536.31 = JPY 43,699,740,358.03) was funded (121 centers of 45 universities) by MSIP

    Including ITRC for cyber security field

    Public Programs for Non-Officers

  • 38

    University Security Clubs

  • 39

    Lots of information security clubs at schools in Korea

    Since 2006, KISA & MSIP have been encouraging and supporting security clubs at universities

    In 2014, 45 clubs were selected & supported

    Awards and Money

    Some clubs are famous at world-class CTFs

    CyKor (Korea Univ.), GoN (KAIST), PLUS (Postech)

    University Clubs of Information Security

  • 40

    Hacking Contests/Conferences

  • 41

    10+ hacking contests/conferences per year

    International

    SECUINSIDE by HARU, Korea Univ., KISA(MSIP), NSR(NIS), and KOSCOM

    CODEGATE by SOFTFORUM and KISA(MSIP)

    POC (Power Of Community) by HNS company

    Domestic

    HDCON (Hacking Defence CONtest) by KISA(MSIP)

    White-Hat Hacker Contest by Ministry of Defense and the NIS

    FISCON (Financial Information Security CONference) by FSI(FSS)

    INC0GNITO by 10 University Security Clubs

    Hacking Contests/Conferences

  • 42

    Since 2011.

    Hosted by HARU, Korea Univ., KISA(MSIP), NSR(NIS), and KOSCOM

    SECUINSIDE CTF winners are pre-qualified for DEFCON CTF

    From 2015, they began a Pwn2Own contest (named 'Capture The Bug') for the first time in Korea

    www.secuinside.com

    SECUINSIDE

  • 43

    Since 2008.

    Hosted by SOFTFORUM and KISA(MSIP)

    The first international hacking contest/conference in Korea

    CODEGATE CTF winners are pre-qualified for DEFCON CTF

    www.codegate.org

    CODEGATE

  • 44

    Since 2004.

    Hosted by KISA(MSIP)

    The oldest hacking contest/conference in Korea

    HDCON

  • 45

    Korea is probably the most active infosec country in East Asia! However, we should move

    From quantitative growth to qualitative growth

    Can get a good job after graduation

    From information security oriented education to information assurance oriented education (e.g., the U.S.'s NIAETP (National Information Assurance Education and Training Program))

    Conclusions & Future Works

  • 46

    [Note] Information Assurance

  • 47

    Computer Security Era (the early 1960s ~)

    Information Security Era (the 1980s ~)

    Information Assurance Era (1998 ~)

    [Note] Information Assurance

  • 48

    Originated in the U.S. DoD in the late 1990's.

    IA is more than just IS!

    [Note] Information Assurance

    (Source : Algirdas Avižienis et al., "Fundamental Concepts of Dependability", UCLA CSD Report no. 010028)
